SilentDefense. Industrial cyber resilience made simple

Size: px

Start display at page:

Download "SilentDefense. Industrial cyber resilience made simple"

Lawrence Hodges
5 years ago
Views:

1 SilentDefense Industrial cyber resilience made simple Fernando Sevillano Solution Managers Director Ángel Fernández Industrial Cybersecurity & HAV Manager

2 A consolidated team with >40 years of experience Proven technology used in production since

We deliver full cyber-resilience SilentDefense provides the ability to identify and quickly recover from threats to business continuity The

3 We deliver full cyber-resilience SilentDefense provides the ability to identify and quickly recover from threats to business continuity The Intelligence provider for ICS resilience OPERATIONAL PROBLEMS NETWORKING ISSUES CYBER-SECURITY The only solution that protect industrial networks from any threat 3

4 Qué es y qué permite SilentDefense? Es una plataforma de gestión y monitorización integral de redes de operación, que incorpora funcionalidades de detección de intrusos y anomalías de red no invasivos, específicos para entornos OT. Facilitar la gestión y descubrimiento de activos de la red de operaciones. Detectar en tiempo real intrusiones en la red OT de forma no invasiva. Descubrir vectores de ataque basados en malware. Revelar la existencia de anomalías de protocolos industriales y de actividades de operación. Integrar toda la información relevante de la red de operaciones en SIEM corporativos. Incrementar la ciber-resiliencia del entorno OT de las organizaciones. 4

Real-life examples Cyber-security Networking Operations Stuxnet Havex Ukraine blackout Undesired access and flows Use of insecure protocols Incorrect process measurements Unstable process values Data

5 Real-life examples Cyber-security Networking Operations Stuxnet Havex Ukraine blackout Undesired access and flows Use of insecure protocols Incorrect process measurements Unstable process values Data sent in noncompliant format Intruders sending corrupt commands Firewall misconfigurations Connectivity issues with field devices Misconfigured devices Failure and downtime of critical devices Operators overwriting process values 5

6 The SilentDefense platform Command Center Central office Events, logs Native integration with enterprise systems SIEM, log collectors, authentication servers Management / Backhaul Network Events, logs Site 1 Events, logs Site 2 Events, logs Site n Monitoring Sensors ICS/SCADA traffic ICS/SCADA traffic ICS/SCADA traffic Passive network monitoring: no interference on network and process 6

Protocol support and interfaces BROADEST ICS PROTOCOL COVERAGE 10 open ICS protocols, including: IEC 104 IEC 61850 (MMS, GOOSE,

Yokogawa 20+ IT protocols, including SMB/CIFS and DCOM SIM/SIEMs: NATIVELY INTERFACES TO ENTERPRISE SYSTEMS HP ArcSight (CEF),

7 Protocol support and interfaces BROADEST ICS PROTOCOL COVERAGE 10 open ICS protocols, including: IEC 104 IEC (MMS, GOOSE, SV) ICCP Synchrophasor DNP3 Modbus/TCP EtherNet/IP OPC-DA BACnet Profinet Proprietary protocols from ABB, Siemens, Emerson, Yokogawa 20+ IT protocols, including SMB/CIFS and DCOM SIM/SIEMs: NATIVELY INTERFACES TO ENTERPRISE SYSTEMS HP ArcSight (CEF), IBM QRadar (LEEF), McAfee Nitro, Splunk, Alien Vault Authentication: Active Directory/LDAP Check Point Smart Event Palo Alto NextNine VSE 7

8 Applications and services Network assessment Asset inventory and flow analysis Vulnerabilities Security threats Networking and operational problems Continuous monitoring Unknown hosts and protocols Security breaches Threats to the industrial process 8

9 Features ASSET INVENTORY & NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK & PROTOCOL WHITELISTS NETWORK INTELLIGENCE FRAMEWORK 9

10 Features ASSET INVENTORY & NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK & PROTOCOL WHITELISTS NETWORK INTELLIGENCE FRAMEWORK 10

11 11

12 12

13 13

14 14

15 Features ASSET INVENTORY & NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK & PROTOCOL WHITELISTS NETWORK INTELLIGENCE FRAMEWORK 15

16 16

17 17

18 18

19 19

20 20

21 21

22 Features ASSET INVENTORY & NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK & PROTOCOL WHITELISTS NETWORK INTELLIGENCE FRAMEWORK 22

23 23

24 24

25 25

26 26

27 27

28 Features ASSET INVENTORY & NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK & PROTOCOL WHITELISTS NETWORK INTELLIGENCE FRAMEWORK 28

29 Industrial Threat Library (ITL) Currently 80 checks, extended at every release Checks divided into three categories Networking: detect device and network misconfigurations Operations: detect problems and threats to the industrial process Security: detect security threats and vulnerabilities 29

30 30

31 31

32 Custom checks Detection of incorrect opening/closing of valves Detection of opening/closing too many switch breakers (Ukrainian attack) Detection of message replay attacks Extraction of power quality measurements Extraction and analysis of requests and response parameters Process variable monitoring (alert for sudden changes) Logging of file transfers RDP session monitor... 32

33 33

34 Benefits Full network visibility Automatic asset and flow inventory Network map Visual network analytics and threats Fields Points Values Unmatched threat detection Undesired devices, protocols and commands Insider threats and cyber attacks Networking and operational problems Custom-tailored checks Instant results Deployed in an hour Automated setup and configuration Out-of-the-box checks for major threats 34

35 SilentDefense Industrial cyber resilience made simple Fernando Sevillano Solution Managers Director Ángel Fernández Industrial Cybersecurity & HAV Manager

Daniel Severino, Sam Wilson October 2 nd, Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager

Daniel Severino, Sam Wilson October 2 nd, 2018 Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager Security Maturity Part of Honeywell Industrial Cyber Security Portfolio 2